ELECTRONIC SIGNATURE MANAGEMENT METHOD



Cross-Reference to Related Applications 

[0001] This application claims benefit of no related applications. 

Technical Field of the Invention 

[0002] This invention generally relates to an improvement in the management of 
multiple digital signatures within a master document. 

Background of the Invention 

[0003] The use of digital signatures as is disclosed in U.S. Pat. No. 4,405,829 issued to 
Rivest et al. is a method well accepted for document authentication. The usual 
implementation of digital signatures involves the combination of the signer's personal 
private key with a hashed representation of a document to create a unique digital 
signature. 

[0004] There are sometimes problems associated with the authentication of documents 
using digital signatures. Digital signatures are attached to entire documents, while 
often there is a need to manage a hierarchy of signatures where signatures within the 
hierarchy are interrelated. Military logs, as an example, are a compilation of lesser 
documents (watches), each of which is the responsibility of a different individual. While 
the individual watches are subject to modification, such modification cannot be done 
without destroying the integrity of that watch signature and any higher-level approval 
signature. Treating the watches as a collection of individually signed documents
without a controlling structure is awkward. 

[0005] Previous document management schemes either do not allow for the 
management of the editing of signed documents or require programmed hierarchy 
information for verification purposes only. For example, U.S. Pat. No. 5,915,024 by
Kitaori et al. allows separation of a master document into subdocuments and the
signature generation for each subdocument, but does not allow editing and control of
the establishment of the subdocuments as a part of the signature creation.

[0006] The verification of such segmented documents is also addressed in U.S. Pat.
No. 5,661,805 by Miyauchi, allowing the inclusion of relational information to generate 
document verification but again does not address the maintenance of modifications to 
the sections subject to signature. 

[0007] Figure 1 illustrates the problems associated with the normal document 
creation procedure. While this Figure and the following discussion describe a military 
log, it is intended that this be only an example of similar problems within and without the 
government. After individual watches are recorded (steps 1, 2 and 3 or 10, 11 and 12) 
they are presented to the officer of the day (OD) for review (step 4 or 13), and possibly 
correction (step 5 or 14). When corrected, any watch signature must be redone (step 6 
or 15). After the OD signs a watch (step 7 or 16) it is then reviewed by the Officer in 
Charge (OIC) (step 8 or 17). The OIC can order revisions (step 9 or 18). If revisions 
are then made to a watch, both the watch signature, if made, and the OD signature, if 
made, must be redone (step 6 or 15). The OIC then signs the watch entries as a final 
approval after all revisions are made (step 19), after which no corrections can be made 
(step 20). Figure 6 illustrates a military log showing some relationships of the log 
approvals. 

[0008] While each watch can be signed as a single document in the traditional
manner, the single acceptance signature signifying the approval of the collection of
watches, and the invalidation of approval signatures if another watch in the collection
is modified, make it desirable to compile the individually signed watches
as a unified document.

[0009] An ancillary problem present in the approval process for documents is the case 
where a reviewer questions the content of a document he must approve prepared by 
another. Since often the review process is through a document transfer rather than a 
face-to-face meeting, such comments are often best managed by inclusion within the 
document under review. If an existing signature encompasses this document then the 
embedding of questions by a reviewer could cause the invalidation of the signature if 
steps were not taken to protect against that event. The inclusion of comments outside 
the document under review prevents a precise localization of the area under question
within the document. The automatic revocation of a digital signature when a comment 
is inserted to avoid the presence of an invalid signature would cause an unnecessary 
resigning step if the comment were resolved without a change to the document. 

Brief Description of the Drawings 

[0010] Figure 1 illustrates a flow chart for the creation of a military watch document. 

[0011] Figure 2 illustrates a flow diagram for the use of the methods of this invention 
in the creation of a cover document and the creation, editing, signing and signature 
verification of subdocuments within the cover document. 

[0012] Figure 3 illustrates the flow chart for the use of the methods of this invention 
in the creation of a hierarchy of approval signatures with each approval signature 
encompassing one or more subdocuments and zero or more approval signatures. 

[0013] Figure 4 illustrates a modification of the flow chart of Figure 2 for use with a 
server-based implementation of the creation of a cover document to control the creation 
of subdocuments, and the editing, signature generation and signature verification of the 
subdocuments. 

[0014] Figure 5 illustrates a method for the creation of comments within the cover 
document without affecting the generation of digital signatures for the contents without 
the comments. 

[0015] Figure 6 illustrates a military log incorporating the structure of this invention.

Terms Defined

[0016] In the description of this invention the term "cover document" is applied to a 
document that serves as a protected container document for representations of the 
digital signatures and the subdocuments. The term "subdocument" is applied to a 
collection within the cover document of text, video, audio, graphical or pictorial data, or 
a mixture of these data forms, that is to be given a digital signature. The term 
"subdocument object" is applied to a separate representation of a subdocument that is
created for manipulation during the process of editing, signature generation or signature 
verification. The term "approval signature" is applied to a digital signature that signs a 
range of the cover document including one or more subdocuments or digital signatures 
on the cover document. The term "approval range" is applied to the section or sections 
of the cover document to which a particular approval signature applies. 

Summary of the Invention 

[0017] It is therefore the first object of this invention to provide a method for the 
control of the signature process to allow controlled creation, modification, signature 
generation and signature verification of the subdocuments in a single cover document. 

[0018] It is a second object of the present invention to provide approval signatures 
for any cover document approval range and to present in the cover document the 
approval signature and supporting approval signature information. 

[0019] It is a third object of the present invention to provide a method of applying 
comments in the cover document without affecting the digital signature of a 
subdocument or approval range that encompasses the comment. 

[0020] In order to achieve the above objects according to the first aspect of the 
present invention, there is provided a method of adding electronic signatures, 
comprising the steps of: 

creating a protected cover document for the creation, display and editing of the 
composite subdocuments and for controlling through the cover document access 
to the subdocuments for creation, editing, signature generation or signature 
verification; 

creating through a menu associated with the cover document an access to the 
subdocument for edit and display of the subdocument in the cover document; 

creating through a menu associated with the cover document the transmission of a 
subdocument object to a signature-generation program to allow creation of a 
digital signature for each subdocument and for the verification of that digital
signature; and

providing in the cover document a display and/or storage of any digital signature 
created for a subdocument, together with the information required or useful to 
use the digital signature. 

[0021] According to the second aspect of the present invention the steps described 
in the first aspect are augmented by the ability to add to the cover document approval
signatures representing approval or acknowledgment of a section of the cover 
document. This allows a hierarchy of approval signatures on the cover document 
where each approval signature represents authority over an approval range of the 
cover document, possibly including subdocuments, subdocument signatures and other 
approval signatures. Control features conditioning obtaining an approval signature can 
be added, such as not allowing approval signatures unless the approved documents 
are signed, removing the approval signature if the subdocument is edited, prohibiting 
the editing of subdocuments within a signed approval signature range, or requiring a 
proper user authorization level before a user can generate an approval signature. This 
approval level can be established by an authorization level stored in the signature- 
generation PKI or by a list of authorized signers for any signature stored in the cover 
document control software. 

[0022] To achieve this second aspect of the present invention there is then provided 
a method of adding electronic signatures, comprising the steps of: 

creating a protected cover document for the creation, display and editing of the 
composite subdocuments and for controlling through the cover document access 
to the subdocuments for creation, editing, signature generation or signature 
verification; 

creating through a menu associated with the cover document the ability to access 
and edit a representation of the subdocument object that is then transferred to a 
visible, protected display in the cover document; 

creating through a menu associated with the cover document a means for the
transmission of a subdocument to a signature-generation program to allow 
creation of a digital signature for each subdocument and for the verification of 
that digital signature; 

providing through a menu associated with the cover document a display and/or 
storage of any digital signature created for a subdocument, together with the 
information required or useful to use the digital signature; 

providing through a menu associated with the cover document the generation of an 
approval signature for an approval range of the cover document including one or 
more subdocuments, any associated digital signatures and accompanying 
signature information, or other approval signatures; 

providing protection to the integrity of the approval signature by either preventing the 
editing of subdocuments within the approval range for a signed approval 
signature or destroying any approval signature whose approval range includes 
an edited subdocument; and 

providing in the cover document a display and/or storage of any approval signature, 
together with the information required or useful to use the approval signature. 

[0023] According to the third aspect of the present invention the steps described 
previously are augmented by the ability to add comments to the cover document. 
These comments could, for example, pertain to questions raised in the approval 
process. These comments are removed from the calculation of the subdocument digital 
signature according to the first aspect of this invention and any approval electronic 
signature generated according to the second aspect of this invention. The added 
comments can be either text, audio, graphical, images or video clips. To achieve this 
third aspect there is then provided a method of adding electronic signatures, comprising 
the steps of: 

providing in the cover document a method of inserting comment objects; and 

providing in the transmission of a subdocument object to a signature-generation
program in the creation or verification of a subdocument digital signature that
any reference to the comment objects be deleted prior to the transmission to
the signature-generation program.

Detailed Description of the Invention 

[0024] The preferred embodiments of the present invention will be described in the 
following discussion in terms of the functionality provided by Microsoft Word, but the 
extension to other programmatic implementations is obvious to those skilled in the art. 

[0025] The first embodiment of the present invention is discussed with reference to
Figure 2. A cover document is first created as represented by 100 to serve as a 
container for subdocuments created by more than one individual or at more than one 
time. This document is protected from user entry but the user has access to menu 
functions (101), including allowing the creation of a subdocument as shown in the path 
leading to 102. If the creation of a subdocument is selected, a subdocument area is 
reserved in the cover document, either as the first or last subdocument in the cover 
document or at a pre-selected or user-selected place within the cover document. This 
subdocument area is delineated by the creation of one or more reserved areas, or 
bookmarks, within the cover document. In the preferred embodiment this is 
accomplished by the creation in step 100 of a password-protected Word document from 
a Word template document containing embedded macros accessed through toolbar 
icons to accomplish the functions shown in step 101. The preferred embodiment 
further creates a reserved space as shown in step 102 by creating within the cover 
document a header bookmark and a body bookmark for each subdocument after all the 
previously existing subdocuments. 

[0026] There is also a menu item in the cover document menu selection 101 for the 
editing of subdocuments created in step 102. Since the editing of a previously signed 
document will destroy the validity of the signature, the user can be programmatically 
prevented from editing a subdocument if there is a desire to maintain the current 
signature. If the user is allowed to edit a signed document and proceeds with the 
editing then as is shown in step 103, any previous digital signature attached in the
cover document to the subdocument to be edited is destroyed and the subdocument 
becomes an unsigned document in the cover document. Alternatively, the destruction 
of any digital signature can be deferred until step 306 to allow destruction only in the 
case where the subdocument content is actually modified during the edit process. A 
subdocument object is created representing an image of this subdocument and this 
subdocument object is made accessible to the user and opened for editing as shown in 
step 103. If previous editing has created content in the subdocument then this previous 
content is copied from the cover document to the subdocument object as shown in step 
104. In the preferred embodiment, this subdocument is opened as an unprotected, 
editable Microsoft Word Document inserted as an object within the cover Microsoft 
Word Document or created as a separate temporary Word Document. Any existing 
cover document content for the subdocument is copied from the body bookmark in the 
cover document and pasted into the editable Word document. This editable inserted 
Word document in the preferred embodiment can be formatted as required, as by the 
selection of a template for opening the subdocument. 

[0027] The user can be given full access to the subdocument object for editing with 
word processing tools well known in the trade to enter and modify the subdocument 
content as shown in step 105. When the user has finished with the edit, a menu item is 
selected which closes and copies the subdocument object to the cover document and 
then optionally destroys the subdocument object, as shown in steps 106 and 107. This 
allows a complete image of the subdocument to reside on the cover document with 
restricted access while allowing the creation as needed of full reproductions in the 
subdocument object. In the preferred embodiment this step is accomplished by 
allowing editing of the Microsoft Word document created in the previous step, then 
cutting and pasting that document into the subdocument body bookmark area of the 
cover document, which is maintained as a protected document. The Word document 
opened for edit is then deleted.

[0028] While this discussion has described maintaining the master version of the 
subdocument in the cover document and creating an image of that master document to 
present for editing, it is within the scope of this invention to maintain the master copy of
the subdocument as an embedded or external object, with a representation of the
object in the cover document. In this implementation the subdocument object is not 
deleted between editing sessions, but access to the subdocument is still through the 
cover document in order to protect the subdocument from alteration. This is 
accomplished, as one example, by creating an embedded Microsoft Word document 
within the cover document, and maintaining the embedded document as a displayed 
document on the protected cover page, and programmatically limiting access to the 
embedded Word document for editing purposes. As another alternative, the 
subdocument can be maintained in the cover document and a portion of the cover 
document encompassing the subdocument opened up for editing while protecting the 
remainder of the document. 

[0029] Another possible menu selection in the cover document is the choice to 
digitally sign a subdocument, as shown in the selection path starting with 108. As in the 
menu selection for editing a subdocument, a subdocument object is created and any 
existing subdocument content is copied into the subdocument object, as shown in steps 
108 and 109. In the preferred embodiment, this subdocument is opened as a Microsoft 
Word Document inserted as an object within the cover Microsoft Word Document or 
created as a separate temporary Word Document. The contents of the subdocument 
body bookmark in the cover document are then copied and pasted into the 
subdocument object. Any content to be excluded from the signature, e.g.
formatting characters, can be removed from the subdocument object content. The
subdocument object content is then communicated to a digital signature-generation 
external program or module, together with identifying information input by the user as 
shown in step 110. The process of generating the digital signature from the hashed 
representation of the content and the user's private key is well known in the literature. 
The digital signature-generation program or module will return a digital signature or an 
abort notice defining why the digital signature could not be created. The subdocument 
object is then destroyed as shown in step 112. This step can be performed before, 
after or simultaneously with the recording of information to the main document in step 
111. 

[0030] If a digital signature is obtained, this information is recorded in the cover
document as shown in step 111 with appropriate delineation. This is accomplished in
the preferred embodiment by copying the digital signature from the digital signature- 
generation program into the cover document and delineating the signature by the 
creation of a signature bookmark enclosing the signature in the cover document 
following the body bookmark, and an enclosing box visible in the cover document. If 
the digital signature cannot be obtained, as, for instance, when the user identity is not 
recognized by the signature-generation program, the reason for the failure of the 
signature generation as contained in the abort notice is displayed to the user. The 
digital signature can be augmented by additional information commonly associated with 
the digital signature, e.g. the date and identity of the signer or the public key of the 
signer. Any amount of this information, for example the public key, can be represented 
in a non-printing form, such as hidden text or an embedded object, to avoid 
encumbering the appearance of the cover document while keeping the information 
available for verification purposes. 

[0031] At the time the cover document is created the format of the cover document 
can be made to be in a form suitable for printing or data parsing. In the preferred 
embodiment this is accomplished by the creation of the cover document through a 
Microsoft Word template document (.DOT), which also contains the macros for the 
creation of the menus and their implementation. This document form can reflect the 
presence and location of the subdocuments and digital signatures and the status of a 
subdocument, e.g. unsigned documents being highlighted or distinctively outlined, or 
the number of subdocuments being displayed in the cover document. 

[0032] Another possible menu selection associated with the cover document is the 
choice to verify the digitally signed subdocument, as shown in the selection path 
starting with 113. As in the menu selection for editing a subdocument, a subdocument 
object is created and any existing subdocument content is copied into the subdocument 
object, as shown in steps 113 and 114. In the preferred embodiment, this 
subdocument is opened as a Microsoft Word Document inserted as an object within the 
cover Microsoft Word Document. The contents of the subdocument body bookmark in 
the cover document are then copied and pasted into the subdocument object and
edited to remove undesired characters. In step 115 a digital signature is generated 
from the subdocument object content as was done in step 110 with the exception that in 
step 115 the user identification information is obtained from the cover document. The 
generated digital signature is compared with the digital signature stored in the cover 
document previously obtained in step 110. An agreement of these digital signatures is 
an indication that the digital signature recorded on the cover document is valid, and 
therefore the document has not been modified. It should be noted that this verification
function is an internal feature of many signature-generation programs and in that case 
the comparison need not be done within the cover document control program. 

[0033] A discussion of the second embodiment of this invention will be made with 
reference to Figure 3. This embodiment allows the creation of a hierarchy of signed 
subdocuments where an approval signature can be added to the cover document 
encompassing a range of cover document content, possibly including subdocuments, 
subdocument signatures and/or associated information, and other approval signatures 
and/or associated information. 

[0034] A cover document is created and one or more subdocuments are created 
and then signed in this cover document as has been previously described and as is 
indicated by steps 200-206. A range of the cover document to be encompassed by the 
approval signature (the "approval range") is determined, possibly including these 
subdocuments, associated digital signatures and other approval signatures. This 
approval range can be predefined or user-selectable, and need not be contiguous. The 
approval range may be indicated on the cover document either by the position of the 
subdocuments and approval signature in the cover document or by a selection process 
and an indication within the cover document of the range of subdocuments approved. If 
desired, the approval can be prohibited programmatically if one or more subdocuments 
within the approval range have no digital signature. 

[0035] The content of the approval range is copied to a subdocument object and a 
digital signature is created from this content together with user-input signer 
identification information as shown in step 207. The generation of this signature is in
the same form as was utilized in Figure 2 steps 108-112, consisting of the editing of the
subdocument object to remove content not to be included in the digital signature, 
communication to an external signature-generation program and reception of the digital 
signature from that signature-generation program. The generation of the digital 
signature can be made conditional on the approval level of the user in relation to the 
approval level required for the range that is to be approved. When a level of approval is 
required, this approval level can be determined based on the subdocuments covered or 
the level of embedded approval signatures or by any other desired criteria. The 
approval level can be stored in the cover document with reference to approval levels 
stored in the PKI interface in the signature-generation program or module, or 
alternatively the cover document can store a list of allowed signers. The approval 
digital signature and any desired ancillary information are stored in the cover document, 
either as a text message, a hidden text message or as a subdocument object, or by any 
combination of these media. If subsequently any subdocument within this approval 
range is edited, any approval signature whose range encompasses this subdocument 
must be removed, as indicated by steps 208 and 209. 

[0036] Higher-level approval signatures can be generated as indicated by step 213, 
encompassing ranges of approved subdocuments, as in steps 201-207, and additional 
subdocuments as in step 207. As in the generation of the lowest level approval 
signature the higher-level approvals represent a range on the cover document including 
the digital signatures represented on the cover document. The inclusion of the nested 
digital signatures assures the integrity of the documents and approvals within any level 
approval range. 

[0037] Provision may be made for the removal of document signature generation 
and editing capability in the cover document when a level of approval is achieved. It is 
often desirable to programmatically disable these functions for subdocuments within an 
approval range after that approval signature has been entered. This is shown as step 
214 locking the entire document after the highest level of approval signature, 
represented by step 213, but could be implemented at a lower level. For example, at 
step 210, editing of all subdocuments within that approval range could be
programmatically prohibited. 

[0038] The second embodiment of this invention is accomplished in the preferred 
embodiment by programmatically selecting a section of the cover document, including, 
since the cover document is a flat file, any subdocuments and digital signatures within 
this selection. This selection is then copied to a separate Microsoft Word Document 
opened as an object within the cover Microsoft Word Document or created as a 
separate temporary Word Document. The separate Microsoft Word Document is edited 
to remove content, such as formatting characters, that it is desired not to include in the 
digital signature and then exported to the signature-generation program or module. 
This signature-generation program returns an abort notice that is communicated to the
user if the digital signature cannot be generated, or a digital signature, which is then 
copied into an appropriately formatted area within the cover document. The formatted 
area, including the digital signature, is delineated with an appropriately named 
bookmark to facilitate the deletion of the bookmark when an included subdocument is 
edited or to allow an easy search for the presence of an approval signature to 
programmatically disallow edits of subdocuments within the signature area. 

[0039] In the first and second embodiments there is the export from an embedded 
document to an external digital signature-generation program. A common problem
associated with the digital signing of a general document is that the metadata contained
in the document will prevent a document reproduced with the same content from
having the same hash value as a different version with the same content. In many
cases, this can be avoided when the message consists only of the content of the
subdocument by the export of the data as a text or binary file or transmission with no
metadata. In other cases the metadata can be spoofed, for example by regenerating
the metadata in a consistent manner within a Word document in order
to avoid changing the dates, authors, version numbers, etc., so as to consistently
generate identical Word files on different occasions. In the preferred embodiment,
directed to military logs, the content was text and exported as a text file, but that is not a 
limitation on the general application of this invention. 
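
The controls described in paragraphs [0023], [0026] and [0032] to [0039] (comment stripping before signing, deferred signature destruction, nested approval ranges, and export of content without metadata) can be modeled as follows. This Python model is an added example, not part of the application: HMAC-SHA256 with constructed keys stands in for the external signature-generation program, and the `[[comment: ...]]` markup and all class, function and signer names are assumptions.

```python
import hashlib
import hmac
import re

# Constructed signer keys. HMAC-SHA256 stands in for the external
# signature-generation program; it is not a public-key signature.
SIGNER_KEYS = {"watch1": b"key-w1", "watch2": b"key-w2", "od": b"key-od", "oic": b"key-oic"}
APPROVERS = {"od", "oic"}                            # allowed approval signers
COMMENT = re.compile(r"\[\[comment:.*?\]\]", re.S)   # hypothetical comment markup

def canonical(text):
    """Bytes exported for signing: comment objects deleted, whitespace collapsed."""
    return " ".join(COMMENT.sub("", text).split()).encode("utf-8")

def frame(*fields):
    """Length-prefix each field so concatenated range content is unambiguous."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def sign(signer, payload):
    if signer not in SIGNER_KEYS:
        raise PermissionError(f"abort notice: signer {signer!r} not recognized")
    return hmac.new(SIGNER_KEYS[signer], payload, hashlib.sha256).hexdigest()

class CoverDocument:
    def __init__(self):
        self.subdocs = {}     # name -> {"body", "signer", "sig"}
        self.approvals = {}   # name -> {"range", "signer", "sig"}
        self.audit = []       # record of signature generation and removal

    def edit(self, name, body):
        sub = self.subdocs.setdefault(name, {"body": "", "signer": None, "sig": None})
        changed = canonical(body) != canonical(sub["body"])
        sub["body"] = body
        if changed:           # signatures are destroyed only if signed content changed
            if sub["sig"] is not None:
                self.audit.append(("signature removed", name))
            sub["signer"] = sub["sig"] = None
            self._invalidate(name)

    def _invalidate(self, member):
        """Remove every approval whose range includes member, then its parents."""
        for aname in [a for a, r in self.approvals.items() if member in r["range"]]:
            if self.approvals.pop(aname, None) is not None:
                self.audit.append(("approval removed", aname))
                self._invalidate(aname)

    def sign_subdoc(self, name, signer):
        sub = self.subdocs[name]
        sub["sig"], sub["signer"] = sign(signer, canonical(sub["body"])), signer
        self.audit.append(("signed", name, signer))

    def _range_payload(self, members):
        parts = []
        for m in members:
            if m in self.subdocs:
                sub = self.subdocs[m]
                if sub["sig"] is None:
                    raise ValueError(f"{m} is unsigned; approval prohibited")
                parts.append(frame(b"S", m.encode(), canonical(sub["body"]), sub["sig"].encode()))
            else:             # nested approval signature
                parts.append(frame(b"A", m.encode(), self.approvals[m]["sig"].encode()))
        return b"".join(parts)

    def approve(self, name, members, signer):
        if signer not in APPROVERS:
            raise PermissionError(f"{signer!r} is not authorized to approve")
        sig = sign(signer, self._range_payload(members))
        self.approvals[name] = {"range": list(members), "signer": signer, "sig": sig}
        self.audit.append(("approved", name, signer))

    def verify(self, name):
        """Regenerate the signature and compare; approvals also check their members."""
        if name in self.subdocs:
            rec = self.subdocs[name]
            if rec["sig"] is None:
                return False
            payload = canonical(rec["body"])
        else:
            rec = self.approvals[name]
            if not all(self.verify(m) for m in rec["range"]):
                return False
            payload = self._range_payload(rec["range"])
        return hmac.compare_digest(rec["sig"], sign(rec["signer"], payload))

def demo():
    doc = CoverDocument()
    for w, text in (("watch1", "0000-0400 all secure"), ("watch2", "0400-0800 all secure")):
        doc.edit(w, text)
        doc.sign_subdoc(w, w)
    doc.approve("od", ["watch1", "watch2"], "od")
    doc.approve("oic", ["od"], "oic")
    r = {"initial": doc.verify("oic")}
    doc.edit("watch1", "0000-0400 all secure [[comment: which gate?]]")  # comment only
    r["after_comment"] = doc.verify("oic")
    doc.subdocs["watch2"]["body"] = "0400-0800 gate open"   # change made outside the controls
    r["after_tamper"] = doc.verify("oic")
    doc.edit("watch2", "0400-0800 gate open, reported")     # controlled edit
    r.update(approvals_left=sorted(doc.approvals), audit_tail=doc.audit[-3:])
    return r
```

A reviewer comment leaves every signature valid, a change made outside the cover document controls fails verification at every level above it, and a controlled edit removes the watch signature together with both approval signatures whose ranges depend on it.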

[0040] In some cases the record of the sequence of signature generation and
removal is of interest for audit purposes. At the time of any signature generation in 
either the first or second embodiment of this invention the fact and conditions of 
signature generation, deletion, or the failure to generate a digital signature can be 
appended to an internal or external audit log by the program. 

[0041] The previous description of the first and second embodiments of this 
invention described maintaining the primary record of the subdocument in the cover 
document and the generation of auxiliary web documents for user input. When the 
cover document is maintained in a document server it may be preferable to maintain 
the cover document as a read-only file on the server. Creation, editing, signature 
generation and signature verification can be by the generation of a browser-readable 
web presentation, e.g. an HTML document, representing the information in a
subdocument. Editing can be then accomplished by providing for the creation of a web 
page displaying the contents of the subdocument area of the cover page, with the 
contents of the subdocument being exposed for editing in the web page. The 
communication to this presentation can be by the program controlling the cover 
document opening a socket to the presentation, file transfer or any other means of 
inter-program communication. 

[0042] Figure 4 represents the flow diagram for such a generalized interface. The 
read-only cover document created in step 300 can be either a text document or a 
database containing the subdocuments, approval signatures and ancillary information 
for presentation to the user through a report-generation program (such as Crystal 
Reports by Crystal Decisions, Inc.). Step 302 represents the creation of a 
subdocument as either a reserved area within a text document or a field within a 
database. If the edit function is selected the subdocument is presented to the user in 
an editable form, such as a browser text box. Any digital signature associated with an 
edited subdocument can be destroyed in step 303 or the decision to destroy the 
signature can be deferred until later in step 306 so the signature removal would only 
take place in the event the subdocument content is actually modified. 

[0043] The user modifies the information in steps 304 and 305, through a 
browser-readable document or other user interface. In step 306 the subdocument in the cover 
document is updated by the information received from the user and the user view is 
removed in step 307. When the signature generation function is chosen the user 
identification is obtained from the user in step 308, and transferred by the program 
controlling the cover document to a signature-generation external program or internal 
module. When the digital signature is generated the cover document is updated as 
shown in step 311. A standard signature-generation program, such as the Java-based 
Trust Services Integration Kit by Verisign, Inc., can be used for communication to 
commercial PKI centers, or one of the many available digital signature modules, such 
as GnuPG by the Free Software Foundation, Inc., can be used to generate a localized 
PKI interface. These programs allow for signature verification as provided in step 313, and 
the validity information is presented to the user in step 314. 

[0044] Figure 3 assumes the generation of subdocuments in the manner described 
with reference to Figure 2, and is equally valid for subdocuments generated in the 
manner described in Figure 4. The generation of approval signatures from 
subdocuments generated in the manner of Figure 4 proceeds from a server-based 
cover document that is either a text document or database. A space or database field 
in the cover document is reserved for the approval signature, and the set of 
subdocuments, approval signatures, and associated information that makes up an 
approval signature range is either predefined or subject to user selection. The user 
identification is 
presented to the signature generation program together with the content of the 
signature approval range in a manner consistent with the signature verification module 
and the format of the signature generation module in step 207. The user 
communication for the identity input can be through a user-viewable document 
containing a browser-readable presentation, e.g. an HTML document, and can be by 
means of file transfer, opening a socket to or from the presentation, or any other 
method of program communications. 



[0045] The user identification required for the generation of the digital signature 
may rely not only on a username and password but also on the reading of physical 
tokens or user characteristics, such as RFID keys, proximity cards, biometric 
readers, "smart cards", and other personal identification, as a means to augment the 
integrity of the verification. An example of the use of such tokens, in the case of 
military logs, would be the reading of electronically readable military ID cards to 
verify the user's possession of this form of identification before allowing digital 
signature generation. 

[0046] A discussion of the third embodiment of this invention will be made with 
reference to Figure 5. In the process of creation, review and approval of a document 
with subdocuments there are often cases where questions regarding a subdocument 
are raised by reviewers. In these cases the subdocument may have been digitally 
signed and the insertion of the comments would ideally be separable from the signed 
documents so as not to invalidate the signatures when the comments are resolved with 
no changes to the documents. To achieve this desired functionality, provision is made 
for the insertion into the cover document of a comment object. This comment object 
can be in any data form including text, audio, image or video. Steps 301 and 302 
illustrate the process for the object insertion. In the process of treating subdocuments 
illustrated by Figure 2, the steps of 108-109 and 113-114 can be replaced by the steps 
of 303-305. When the subdocument is copied from the cover document to the 
subdocument object for signature processing, all references to the embedded 
comments are removed. This removal can also be accomplished during the process of 
copying in step 304 rather than in step 305. 

[0047] The comment can be added by either inserting an embedded object 
containing the comment, a link to a comment object, or embedding the comment 
between a delineation character or character combination. The preferred embodiment 
of this third embodiment is accomplished by inserting in the cover document Microsoft 
Word comments, and removing these comments after the image of the subdocument or 
approval range is created for transfer to the signature-generation program for the 
calculation of the digital signature or the signature verification. 
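
The comment handling of paragraphs [0046]-[0047], combined with the deferred signature destruction of step 306 and the audit log, as an added sketch that is not part of the application. The `{{c:...}}` comment delimiter, the class and function names, and the use of HMAC-SHA256 as a stand-in for the external signature-generation module are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Hypothetical delimiter pair for embedded reviewer comments (assumption).
COMMENT = re.compile(r"\{\{c:.*?\}\}", re.DOTALL)
# Constructed key; a deployment would call a PKI signature module instead.
DEMO_KEY = b"constructed-demo-key"

def signing_image(text):
    """Image passed to the signature module: the text with comments removed."""
    return COMMENT.sub("", text).encode("utf-8")

def sign(text, key=DEMO_KEY):
    # HMAC-SHA256 stands in for the digital signature over the image.
    return hmac.new(key, signing_image(text), hashlib.sha256).hexdigest()

def verify(text, signature, key=DEMO_KEY):
    return signature is not None and hmac.compare_digest(sign(text, key), signature)

class Subdocument:
    def __init__(self, name, text):
        self.name, self.text, self.signature = name, text, None
        self.audit = []  # audit log of signature events

    def generate_signature(self, user):
        self.signature = sign(self.text)
        self.audit.append((user, "signature generated"))

    def update(self, user, new_text):
        """Destroy the signature only if the signed content actually changed."""
        changed = signing_image(new_text) != signing_image(self.text)
        self.text = new_text
        if changed and self.signature is not None:
            self.signature = None
            self.audit.append((user, "signature deleted"))
        return changed

def demo():
    # Constructed sample watch entry.
    watch = Subdocument("watch-1", "0800 relieved the watch.")
    watch.generate_signature("officer_a")
    commented = watch.update("reviewer", "0800 relieved the watch.{{c:confirm time?}}")
    still_valid = verify(watch.text, watch.signature)
    edited = watch.update("officer_a", "0815 relieved the watch.")
    return commented, still_valid, edited, watch.signature, watch.audit
```

Because everything between the delimiters is excluded from the signing image, comment text is not covered by any signature; a verifier should display the stripped image rather than the commented view when reporting validity.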